Hi,

I am creating a website on ASP.Net in which a user logs on and I need to store the user-specific data (plus some extra data) somewhere so that all the pages in my website can readily access the data. At any one time many users could be accessing the website and every user will have his own specific data. Currently I am using sessions to store the data after login and accessing the data on different pages as and when needed. I am also using sessions to pass data from one page to another. I also don't want to use cookies as many companies don't allow cookies to be created. I understand that this is not the best practice. Can you guys suggest what would be the best way to manage the data?

Thanks, Abhi.

+1  A: 

This is what MS says about it, http://msdn.microsoft.com/en-us/library/ms178581.aspx:

"SessionID values are sent in clear text, whether as a cookie or as part of the URL. A malicious user could get access to the session of another user by obtaining the SessionID value and including it in requests to the server. If you are storing sensitive information in session state, it is recommended that you use SSL to encrypt any communication between the browser and server that includes the SessionID value."

As long as you use a safe connection you should be fine.

Ivo
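
The SessionID exposure quoted above, shown as a `web.config` sketch with the weak setting beside a corrected one. This is an added example, not part of the answer or the MSDN page; it assumes the site is served entirely over HTTPS, and the `mode` and `timeout` values are placeholders.

```xml
<configuration>
  <system.web>

    <!-- Weak: cookieless sessions put the SessionID in the URL path,
         e.g. /(S(...))/Default.aspx. Over plain HTTP it is readable on
         the wire, and even over HTTPS it still ends up in browser
         history, bookmarks, copied links and server/proxy logs.

    <sessionState mode="InProc" cookieless="UseUri" timeout="20" />
    -->

    <!-- Corrected: keep the SessionID in a cookie rather than the URL. -->
    <sessionState mode="InProc" cookieless="UseCookies" timeout="20" />

    <!-- requireSSL marks cookies issued by the application, including
         ASP.NET_SessionId, as Secure, so the browser never sends them
         over an unencrypted connection.
         httpOnlyCookies keeps them out of reach of client-side script. -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />

  </system.web>
</configuration>
```

With `requireSSL="true"` the session cookie is not sent on plain-HTTP requests, so any page still reachable over HTTP will start a fresh, empty session instead of exposing the existing SessionID.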
+1  A: 

ASP.NET already provides you with information about the user through the IPrincipal interface and the User property.

If you need extra information about each user, you can use these to implement a User Context.

Mark Seemann
+1  A: 

Sessions are not necessarily a bad way to go. Ensure that data kept in the session is as concise as possible, and that your application will support all environments that it may be deployed into.

Also remember that Sessions do not provide data persistence once the session has expired, so if you require data persistence, then a database would be more suitable.

Tim